Verifying the Domain Controller and Active Directory Setup

Run the following tests to verify if the RFC2307 integration is already enabled in your Active Directory (AD):

RFC2307 on AD Domain Controllers

On a AD DC there should not be more than the sysvol and netlogon share, so the usage of unified RFC2307 idmappings is not really important. If you want to enable RFC2307 ID mappings on the DC for whatever reason, the you would have to verify on the Samba DC, that the idmap_ldb:use rfc2307 parameter exists and is set to yes in the [global] section of your smb.conf file:

idmap_ldb:use rfc2307 = yes

It is recommended not to use those mappings on the DCs. The default idmap ldb mechanism is fine for domain controllers and less error prone.